# SCRIMED Dynamic Context Injection Engine

Status: scrimed-dynamic-context-injection-ready-no-phi
Schema: scrimed-context-manifest-v2026-06-30
API: /api/scrimed-build-roadmap/context-manifest

## Boundary
SCRIMED Dynamic Context Injection Engine is a synthetic/no-PHI pre-agent-run manifest layer. It can select context, modules, skills, reminders, validators, omitted context, and audit metadata, but it cannot grant tool permissions, expose secrets, store hidden chain-of-thought, authorize PHI, or execute protected healthcare actions.

## Pre-Agent-Run Manifest
- Manifest ID: scrimed-context-manifest-synthetic-pre-agent-run-v1
- Cadence: pre-agent-run
- Safety decision: allowed
- Manifest hash: synthetic-57c2bdb3

## Selected Modules
- Dynamic Context Injection Engine: Primary next build step; creates the pre-agent-run context manifest.
- Operational Benchmark Layer: Required to prevent the self-correction trap through structured benchmarks.
- SCRIMED Workflow Planner: Provides workflow state, approval maps, rollback expectations, and audit requirements.
- Governance / Compliance: Supervises policy gates, sensitive-task detection, evidence completeness, and compliance escalation.
- Secure Middleware Gateway: Keeps tool access permissioned and prevents direct LLM-to-system access.

## Skill/Module Listing Every Turn
- Next.js App Router: Route handlers and server-rendered internal command surfaces.
- SCRIMED Safety Governance Gate: Classify requests, enforce no-PHI boundaries, and fail closed on blocked healthcare actions.
- TrustOps Module Registry: Load only the governance, middleware, signal, and benchmark modules needed for the current task.
- Nonsecret Contract Smoke: Verify manifest source strings, docs, APIs, safety boundaries, and test-suite wiring.

## Task Reminders
- v1 reminder-no-phi: Keep the run synthetic/no-PHI and reject live patient data, identifiers, source charts, and credentials.
- v1 reminder-validate-not-self-correct: Validate with schemas, evidence, deterministic rules, benchmarks, and human review rather than model self-verification alone.
- v1 reminder-context-minimization: Load only modules, tools, and context needed for this run; document omitted context and why it stayed out.

## Omitted Context
- omit-live-phi: Live PHI and patient identifiers are outside the current SCRIMED authority boundary.
- omit-secrets: Secrets are not needed for synthetic manifest construction.
- omit-production-connectors: The manifest cannot authorize live EHR, payer, imaging, outreach, billing, or connector actions.
- omit-hidden-chain-of-thought: SCRIMED stores decision trace metadata and rationale summaries, not private model chain-of-thought.
- omit-irrelevant-tools: Lazy capability loading excludes tools and modules unrelated to this pre-agent-run context task.

## Validators
- Structured Output Schema Validator: Block agent run artifact release until typed schema validation passes.
- Evidence and Source Validator: Escalate outputs that lack evidence, source attribution, freshness, or limitation notes.
- Deterministic Rule Validator: Block outputs that conflict with policy, workflow state, payer rules, or no-go boundaries.
- Human Review Gate: Keep protected workflow status unresolved until a qualified reviewer disposition exists.
- SCRIMED Safety Governance Gate: Fail closed on PHI, live-care authority, patient outreach, payer submission, EHR writeback, or certification claims.
- Operational Benchmark Layer: Block release when schema fidelity, reasoning validity, or operational accuracy regresses.

## Memory Write Plan
- Destination: metadata-only-decision-memory-ledger
- Chain-of-thought policy: Store concise rationale summaries and evidence refs only; do not request, expose, or persist hidden model chain-of-thought.

## Validation
- PASS pre-agent-run-context-manifest-ready: Manifest must be ready only for synthetic/no-PHI pre-agent-run use.
- PASS selected-modules-listed-every-turn: Manifest must include selected modules plus skill/module listing every turn.
- PASS task-reminders-versioned: Task reminders must be versioned and required before the next agent run.
- PASS omitted-context-protects-phi-secrets-connectors-and-hidden-chain-of-thought: Manifest must explicitly omit PHI, secrets, production connectors, and hidden chain-of-thought.
- PASS validators-avoid-self-correction-trap: Manifest must validate with schemas, evidence, rules, benchmarks, and human review.
- PASS manifest-cannot-grant-tool-access: Context injection may select context but cannot grant tools or permissions.
- PASS memory-plan-metadata-only-no-hidden-cot: Long-term memory plan must stay metadata-only and block PHI plus hidden chain-of-thought.
- PASS safety-governance-pass: Manifest must pass SCRIMED's no-PHI safety governance gate.

## Next Build Step
Wire this manifest into the SCRIMED Workflow Planner and Agent Runtime as the required pre-run packet for every synthetic agent execution.
